Home.... | log in.... | Pub my question! | Sign-up....
Java-index >> Enterprise & Remote Computing >> Web Tier APIs

Problem with Session time out

Hi,

I have some problem with session time out. in web.xml i set session time out for 30 minutes and i check the session expiry in each servlet as

if((request.getRequestedSessionId()!=null && !(request.isRequestedSessionIdValid()))) {

// forward to login expires page

}

then i use response.sendRedirect(some url) to redirect to login page.

The problem comes when the user try to log back in after session expiry they still got the session invalidated page even though i created a new session but problem is request.isRequestedSessionIdValid() returns false. can any one guide me how to tackle session expiry issue.

Regards,

A.

[689 byte] By [Ananth.duraia] at [2007-11-27 11:01:21]
«« regarding id attribute in web.xml
»» can u help me wid this.. i need 30 only 30 mins for my asignment
# 1

> and i check the session expiry in each servlet as

Seriously? Move this logic into a single Filter.

PseudocodedoFilter(request, response, chain) {

if (session is expired && is not login page) {

redirect to login page;

} else {

chain.doFilter(request, response);

}

}

BalusCa at 2007-7-29 12:36:17 > top of Java-index,Enterprise & Remote Computing,Web Tier APIs...
# 2

Hi,

Again get the same problem. i check this time with request.getSessionId() & session.getId().. when first time logged in both returns equal values but when the session expired and try to log back both returns different values

Regards,

A

Ananth.duraia at 2007-7-29 12:36:17 > top of Java-index,Enterprise & Remote Computing,Web Tier APIs...
# 3

> both returns different values

That's normal.

A global practice is to put the logged in user in the session. Check for that in the filter: if the user isn't in there, then the session is expired, or the user has logged out himself, then you should redirect to the login page.

BalusCa at 2007-7-29 12:36:17 > top of Java-index,Enterprise & Remote Computing,Web Tier APIs...
# 4

hi,

you mean to set a session variable for user like session.setAttribute("user","some value") and check whether it is null or not in filter?

Regards,

A..

Ananth.duraia at 2007-7-29 12:36:17 > top of Java-index,Enterprise & Remote Computing,Web Tier APIs...
# 5

Yes.

BalusCa at 2007-7-29 12:36:17 > top of Java-index,Enterprise & Remote Computing,Web Tier APIs...
Enterprise & Remote Computing
Web Tier APIs

Enterprise & Remote Computing Hot Topic

Enterprise & Remote Computing

All Classified